Filter Setup

You must install filters on the ISA Server computer, where they
must reside locally. Filters must be registered as COM servers and
in the ISA configuration.

Filters that register a protocol need to have the protocol
registered on the enterprise level. This is particularly important
in a situation where only enterprise policy is used. Developers of
application filters should therefore provide two installation
facilities, one for installing a filter in the array, and one for
registering the filter at the enterprise level.

The registration process includes the following steps:

Copying the DLLs and any other necessary files to the ISA
Server computer (array setup only).

Registering the COM objects. The registration is typically
implemented in the DllRegisterServer function, which can be
activated by the RegSvr32 utility.

Register the filter in ISA Storage as an application filter for
the firewall service, on either the enterprise or array level by
using IFWXFilterAdmin::InstallFilter. You should implement
this step using the DllInstall function. Whether the filter
is installed on the enterprise or array level will depend on the
command-line parameters used with DllInstall, as shown in
the Setup Examples.

Note When an ISA administrator
installs a filter on ISA servers, there may be functions that
should be performed during the first installation of the filter on
a server, such as IFWXFilterAdmin::RegisterProtocolForFilter.
More importantly, during uninstallation there may be functions that
should only be performed by the last uninstallation, such as
IFWXFilterAdmin::UnregisterProtocolForFilter.
In that case, the protocol might be unregistered while filters on
some servers still require that the protocols be registered. For
this reason, when you develop a filter, you should consider using a
mechanism to synchronize filter installation in an array.

One solution is to use the
VendorParametersSets collection (accessed through the
FPCServer.VendorParametersSets
property) to write to the server storage a value under the vendor
name and filter GUID. The server storage will thus have a record
that the filter is installed, and your filter can use that
information to keep track of its relative order in the installation
or uninstallation process.

Setup Examples

Provided here are examples of the commands used to perform
application filter setup on the array and enterprise level.

Uninstall on enterprise

Note Because the filter objects
are created when the Firewall service starts, the server must be
stopped and then restarted after setup is completed.

The RegSvr32 utility is not a required part of the
setup. A setup utility can use RegSvr32, or load the DLL and call
the registration code directly.

Services may not have the necessary permissions to
allow them to write vendor-specific information to the DS. For this
reason, you should perform the saving of vendor parameters to ISA
during filter setup.